1. [Computer] Navigate to https://account.guildwars2.com/account/security/totp and log in with your Guild Wars 2 credentials.
- If you are redirected to the Security home page (https://account.guildwars2.com/account/security), be sure to add /totp back into the URL.
2. [Computer] Identify the correct app for your mobile platform. Here are some suggestions:
- Google Authenticator for iPhones and Android.
- Windows Authenticator for Windows Phones.
3. [Mobile] Download the application to your mobile device.
4. [Computer] Click ‘Next’ on the Account Management page
5. [Mobile] If your version of the Mobile Authenticator app has the ability to scan QR codes, use it to automatically scan the QR code displayed in Account Management [Computer] and skip to step #7.
6. [Mobile] If your version of the Mobile Authenticator app does not have the ability scan QR codes, or that ability is not working with the QR code displayed, enter your credentials manually.
- “Account Name” is the same as your Guild Wars Account Name.
- “Key” is the secret code displayed in Account Management [Computer].
- Select “Time Based” and not “Counter Based”
- Select ‘Add’.
7. [Computer] In the field below the QR code, enter the six-digit code now displayed from your Mobile Authenticator app [Mobile].
Click ‘Next’.

A good thing they could add is a "coinlock" it's in another MMO I play and is not intrusive in the very least. Basically it locks down everything regarding selling, buying or destroying anything on you character. If you or someone logs in from an unknown IP address it kicks in and sends you an email with a code to enter in game to unlock your toon. Works well for people with out a smartphone.

Awesome! The email security - while a great tempory measure - was kinda hard work for me! My IP changes a lot for one thing,and for another, my poor overworked laptop found it hard to open Firefox when GW2 was open lol, so it was slow going (Laptop = going into retirement from heavy gaming in the next couple of weeks!)

A good thing they could add is a "coinlock" it's in another MMO I play and is not intrusive in the very least. Basically it locks down everything regarding selling, buying or destroying anything on you character. If you or someone logs in from an unknown IP address it kicks in and sends you an email with a code to enter in game to unlock your toon. Works well for people with out a smartphone.

Coinlock is just a less restrictive email authentication, which they already have, and have had since BWE3 (give or take, it might've been 2, or a stress test).

I've always felt the e-mail authentication was a bit weird, seeing as you're using the very same e-mail itself as your log-in. So that really only leaves the hopes that the average person uses two passwords, and seeing as you already compromised one, the other one shouldn't be all that difficult to get ahold of, all things sadly considered.

Little sad this is only in beta, but it's definitely miles of improvement. Now if only Google Authenticator let me actually change its color scheme, hmmm....

I've always felt the e-mail authentication was a bit weird, seeing as you're using the very same e-mail itself as your log-in. So that really only leaves the hopes that the average person uses two passwords, and seeing as you already compromised one, the other one shouldn't be all that difficult to get ahold of, all things sadly considered.

If you're as paranoid as I am, you can drop a few coins to have your GW2 login email different from the mail you receive emails to. In addition to using different passwords, of course. I've set up a non-existant catch-all webserver which redirects all emails to my actual address.

And of course, if you use Gmail, there's the additional security of mobile authentication there too. Set up a mobile phone number, and any time someone tries to log in to your account from an IP you haven't set to always be allowed (like your home computer), a text message will be sent to your phone with a verification code needed to log in. This tells you two things: first, someone's trying to access your account right now, second, whomever's doing it has your username and password.

Hoping they come up with a solution for the rare people (like my girlfriend) who don't have/can't afford a smartphone.

---------- Post added 2012-10-12 at 03:47 PM ----------

Originally Posted by Kelesti

I've always felt the e-mail authentication was a bit weird, seeing as you're using the very same e-mail itself as your log-in. So that really only leaves the hopes that the average person uses two passwords, and seeing as you already compromised one, the other one shouldn't be all that difficult to get ahold of, all things sadly considered.

Little sad this is only in beta, but it's definitely miles of improvement. Now if only Google Authenticator let me actually change its color scheme, hmmm....

Not that weird considering that they also highly recommend some form of e-mail authentication sent to your phone, though I'll admit that was kind of a "cop out" to buy time to set up their own authentication system. Which, I currently believe, was something they did not place as top priority to have ready for launch.

I hope you haven't forgotten my role in this little story. I'm the leading man. You know what they say about the leading man? He never dies.

If you give in to your impulses in this world, the price is that it changes your personality in the real world. The player and character are one and the same.